CQURE & STEALTHbits: "Honeytokens" - Using Honeypots to Detect Credential Compromise
Commonly used and highly successful credential compromise techniques like Pass-the-Hash and Pass-the-Ticket are notoriously difficult to detect amidst the noise of everyday activities within Active Directory. To an observer, they appear to be legitimate authentication events and to Active Directory, they are.
However, the use of deception methods like honeypots have proven to be particularly effective in capturing less savvy or careless attackers at a minimum, allowing security practitioners to proactively detect and thwart attempts to compromise their credentials and the resources they provide access to.
Join CQURE’s Dr. Mike Jankowski-Lorek, Security and Cloud Solutions Expert, and STEALTHbits’ Technical Product Manager, Lee Berg, for an informative tutorial on sophisticated credential attack techniques and how the use of honeypots can be employed to definitively detect attempts to compromise Active Directory credentials.
During this 60 min session, we’ll review:
• How do these attacks really work?
• Why are they so difficult to detect?
• How can techniques like “Honeytokens” help identify nefarious authentication behavior?
Join us on Tuesday, August 20th at 1 PM ET / 11 AM PT!
Date: Tuesday, August 20, 2019
Time: 1:00 PM ET
Duration: 60 minutes
Technical Product Manager
Dr. Mike Jankowski-Lorek
Cloud Security & Database Expert